<?php

# Bootstrap for the vote-comment AJAX endpoint.
# NOTE(review): _CONST_LOCAL_INCLUDE_PATH and $db_vars are not defined in this
# file; presumably _path.php provides them. Confirm before moving this include.
include_once('_path.php');

# Database wrapper; $database->execute() is what the INSERT/DELETE statements
# further down in this script are sent through.
include_once(_CONST_LOCAL_INCLUDE_PATH."database.class.php");
$database = new Database($db_vars);

# Shared helpers. NOTE(review): string_sql(), RemoveXSS() and iif() are used
# below but not defined here; presumably they come from common.php. Verify.
include_once(_CONST_LOCAL_INCLUDE_PATH."common.php");

# User / session information. This must be included before is_loggedin() and
# any $_SESSION read below, since every authorisation decision in this script
# is made from $_SESSION['userid'] and $_SESSION['buserid'].
include_once(_CONST_LOCAL_INCLUDE_PATH."session.include.php");

# Load the "vote" model. NOTE(review): presumably this defines
# get_commentcount_by_voteid() and get_comment_by_voteid(); confirm.
load_model(array("vote"));

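# Collect and normalise the request parameters.
# $quote holds the form of each value that is later concatenated into SQL.
# NOTE(review): string_sql() is assumed to quote AND escape its argument. The
# queries below have no other protection against SQL injection, so confirm that
# in common.php or move the queries to prepared statements.
$quote = array();

# Missing or non-string parameters (e.g. action[]=x) fall back to an empty
# value instead of raising notices or passing an array/null into trim().
$action = (isset($_POST['action']) && is_string($_POST['action'])) ? trim($_POST['action']) : '';

# intval() of a non-empty array is 1, so only scalar input may become an id.
$vote_id = (isset($_POST['vote_id']) && is_scalar($_POST['vote_id'])) ? intval($_POST['vote_id']) : 0;
$quote['vote_id'] = string_sql($vote_id);

# RemoveXSS() filters on input; the comment body is still HTML-encoded again
# when it is rendered, and that output encoding is the control to rely on.
$msgbody = (isset($_POST['msgbody']) && is_string($_POST['msgbody'])) ? RemoveXSS($_POST['msgbody']) : '';
$quote['postcontent'] = string_sql($msgbody);

$msg_id = (isset($_POST['msg_id']) && is_scalar($_POST['msg_id'])) ? intval($_POST['msg_id']) : 0;
$quote['msg_id'] = string_sql($msg_id);

if (is_loggedin()) {
	# Identity always comes from the server-side session, never from the request.
	$user_id = isset($_SESSION['userid']) ? intval($_SESSION['userid']) : 0;
	$quote['user_id'] = string_sql($user_id);
	$quote['postname'] = string_sql(isset($_SESSION['name']) ? $_SESSION['name'] : '');
} else {
	# Guests get user_id 0. $quote['user_id'] and $quote['postname'] stay unset,
	# so no query that uses them may run for a guest.
	$user_id = 0;
}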

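# Action dispatch for the vote-comment endpoint: 'add' inserts a comment and
# re-renders the first page of the list; 'delete' removes one comment.
# NOTE(review): no anti-CSRF token is checked in this file before the
# INSERT/DELETE statements. Unless one of the included files enforces it, add a
# per-session token check ahead of the state-changing branches.

# Moderator flag, read once; isset() avoids an undefined-index notice for
# ordinary users whose session carries no 'buserid'.
$is_moderator = isset($_SESSION['buserid']) && $_SESSION['buserid'] > 0;

if (!$user_id) {
  ?>1
	<?php
	# Guests receive the literal "1" above and nothing else; no query runs.
	# The full "<?php" tag is used because a bare "<?" depends on short_open_tag.
} else if ($action == 'add' && ($vote_id > 0) && !empty($msgbody)) {
	$quote['posttime'] = string_sql(_CONST_TIMENOW);
	# Every interpolated value has been passed through string_sql().
	# NOTE(review): that helper is the only injection barrier here; prefer a
	# prepared statement if the Database class supports one.
	$database->execute("INSERT INTO vote_comment (vote_id, user_id, postname, postcontent ,posttime) VALUES (".$quote['vote_id'].", ".$quote['user_id'].", ".$quote['postname'].", ".$quote['postcontent'].", ".$quote['posttime'].")");
	$t = get_commentcount_by_voteid($vote_id);
	$rc = get_comment_by_voteid($vote_id);
	foreach ($rc as $c) {
		# Encode every database-sourced value for the context it is written into.
		# postname and avatar were previously echoed raw, so markup stored in a
		# display name or avatar filename would reach other users' browsers.
		$c_user_id = intval($c['user_id']);
		$c_id = intval($c['id']);
		$c_name = htmlspecialchars($c['postname'], ENT_QUOTES);
		$c_profile = htmlspecialchars(_CONST_WEB_URL . 'homepage.php?id=' . $c_user_id, ENT_QUOTES);
		$c_avatar = htmlspecialchars(iif(!empty($c['avatar']), _CONST_PIC_URL . 'avatar/' . $c_user_id . '/2_' . $c['avatar'], _CONST_IMG_URL . 'avatar/2.jpg'), ENT_QUOTES);
	?>
		<div class="comment-list clearfix">
			<a href="<?php echo $c_profile; ?>"><img class="comment-user-image" src="<?php echo $c_avatar; ?>" alt="<?php echo $c_name; ?>" /></a>
			<div class="comment-user-name"><a href="<?php echo $c_profile; ?>"><?php echo $c_name; ?></a><span class="comment-time"><?php echo date('Y-m-d H:i:s', $c['posttime']);?></span></div>
			<div class="reply-to-comment"><?php echo htmlspecialchars($c['postcontent'])?></div>
			<?php
			# The delete link is cosmetic; the delete branches below repeat the
			# moderator/owner check on the server.
			if ($is_moderator || $_SESSION['userid'] == $c['user_id']) {
			?>
			<div class="comment-del"><a href="javascript:;" onclick="deletes(this,<?php echo $c_id; ?>);">删除</a></div>
			<?php
			}
			?>
		</div>
		<?php
	}
	# Pagination is only emitted when there are more comments than one page of 5.
	if ($t > 5) {
		pagination_comment_ajax(1, 5, $t, "page=%s%");
	}
} else if ($action == 'delete' && $msg_id > 0 && $is_moderator) {
	# Moderators may delete any comment by id.
	$database->execute("DELETE FROM vote_comment WHERE id =".$quote['msg_id']);
} else if ($action == 'delete' && $msg_id > 0) {
	# Ordinary users: the user_id predicate restricts the delete to their own
	# comments, so a guessed msg_id belonging to someone else matches no row.
	$database->execute("DELETE FROM vote_comment WHERE user_id =".$quote['user_id']." AND id =".$quote['msg_id']);
}
?>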